conjur-debify 1.11.1 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94607aa6690de603becb0143bf6f009089a4c8d43a8380334ba55bd01c97600b
-  data.tar.gz: 5ce55a291b26f7e0164697a9ee20453c194ff3d785e7cb1307cbf313473db46b
+  metadata.gz: 0b5fa10a6d866735c45f5edfd2a9defcc685ebe502c8950b219b6a8bc22ed232
+  data.tar.gz: 169e5c66e12fe3533c778255b337ad64b323f35cbc298f8e39c00e7abe765b7f
 SHA512:
-  metadata.gz: 1368be6d677fb7ecf73f03f87ecd4b927fa16a561fe9e46a4b1d5c653042a3474697b3428550cb9aab03c3a9bd2baf3caba4929157068bbaaa8832a6f1290bcd
-  data.tar.gz: 248b20b238f67377d926faf920e48c3b676d7ee1389dd813d85a6668404c28daeb8a0d75a37b9d28215089fd70ead5dec7f69e92cded7a54a8cfbd42031010bc
+  metadata.gz: f9326cdb7fd4efafc3db3dda92e6a313cfc504dc34a24450be1076078cc8124b93c8f8ab781f59434cf625c4a37e2a1e8e6b1ead7466a7df00c2de7e3c3cca30
+  data.tar.gz: 8aae92edeacc8a8ffecaa7bbe4bf09cbb0a0f797b40c4cc8e52e4b9999cd7f607a58a913334e5f82cdcabfe07cc94ab2803bce65b3e99e0b84a0ed23d56824d6

data/.gitignore

@@ -16,5 +16,6 @@ features/reports
 results.html
 mkmf.log
 *.deb
+*.rpm
 *.gem
 docker-debify

data/CHANGELOG.md

@@ -1,8 +1,55 @@
+## [Unreleased]
+
+# 1.12.0
+
+### Added
+- Debify now packages and publishes an RPM file, alongside a debian file.
+  [conjurinc/debify#49](https://github.com/conjurinc/debify/pull/49)
+- `debify package` now offers an `--additional-files` flag to provide a comma
+  separated list of files to include in the FPM build that are not provided
+  automatically by `git ls-files`.
+  [conjurinc/debify#52](https://github.com/conjurinc/debify/pull/52)
+
+### Fixed
+- Bug causing `all` files in the git repo to be added to the debian file.
+  [conjurinc/debify#50](https://github.com/conjurinc/debify/pull/50)
+
+# 1.11.5
+
+### Changed
+* Updated FPM and Test images to use a base image with FIPS-compliant Ruby and OpenSSL.
+
+# 1.11.4
+
+* Updated sandbox password to match Conjur password complexity requirements.
+
+# 1.11.3
+
+* Reverted to `bundler` v1. `bundler` v2 was creating incompatible paths for downstream
+  packages.
+* Made FPM Ruby version use `ruby2.5` instead of `ruby2.6` since that is what
+  our appliance image uses otherwise the gems bundled in the packages are unusable.
+
+# 1.11.2
+
+* Upgraded to use Ruby 2.6 and latest version of FPM
+* Update Conjur Dockerfile from Ubuntu 14.04 --> 18.04 as 14.04 repos
+  are now behind a [pay wall](https://ubuntu.com/blog/ubuntu-14-04-esm-support)
+  Ruby is installed from `ppa:brightbox/ruby-ng` however that PPA
+  [doesn't currently supply ruby2.2 for Ubuntu 18.04](https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng?field.series_filter=bionic). [The documentation](https://www.brightbox.com/docs/ruby/ubuntu/)
+  suggests this combination is available, so it may be a temporary problem.
+  To work around the problem, ruby is bumped from 2.2 to 2.3 as 2.3 is the oldest
+  version available for Ubuntu 18.04.
+
+# 1.11.1
+
+* Upgrade `docker-debify` to use Ruby 2.6.
+
 # 1.11.0
 
 * Use a Docker env-file (docker.env, by default) to pass environment
   variables to the debify container.
-  
+
 * Make sure `--env` variables get passed along to the Conjur container when testing, too.
 
 # 1.10.3

data/CONTRIBUTING.md

@@ -0,0 +1,16 @@
+# Contributing
+
+For general contribution and community guidelines, please see the [community repo](https://github.com/cyberark/community).
+
+## Contributing
+
+1. [Fork the project](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
+2. [Clone your fork](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository)
+3. Make local changes to your fork by editing files
+3. [Commit your changes](https://help.github.com/en/github/managing-files-in-a-repository/adding-a-file-to-a-repository-using-the-command-line)
+4. [Push your local changes to the remote server](https://help.github.com/en/github/using-git/pushing-commits-to-a-remote-repository)
+5. [Create new Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+From here your pull request will be reviewed and once you've responded to all
+feedback it will be merged into the project. Congratulations, you're a
+contributor!

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.6
+FROM ruby:2.6-stretch
 
 ### DockerInDocker support is take from
 ### https://github.com/jpetazzo/dind/blob/master/Dockerfile . I
@@ -7,7 +7,9 @@ FROM ruby:2.6
 ### docker:dind image much more complicated and didn't lend itself to
 ### also running ruby.
 
-RUN apt-get update -qq && apt-get install -qqy \
+RUN apt-get update -qq && \
+    apt-get dist-upgrade -qqy && \
+    apt-get install -qqy \
     apt-transport-https \
     ca-certificates \
     curl \

data/Jenkinsfile

@@ -9,6 +9,10 @@ pipeline {
     skipDefaultCheckout()
   }
 
+  triggers {
+    cron(getDailyCronString())
+  }
+
   stages {
     stage('Checkout') {
       steps {
@@ -28,6 +32,23 @@ pipeline {
       }
     }
 
+    stage('Scan Docker image') {
+      parallel {
+        stage('Scan Docker image for fixable issues') {
+          steps{
+            script {
+              VERSION = sh(returnStdout: true, script: 'cat VERSION')
+            }
+            scanAndReport("debify:${VERSION}", "HIGH", false)
+          }
+        }
+        // No all report generated because it currently adds 10-12 minutes of
+        // build time just to write the trivy report. It'll be added once we've
+        // cleaned up and/or ignored enough issues to reduce the impact
+        // on build time.
+      }
+    }
+
     stage('Run feature tests') {
       steps {
         sh './test.sh'
@@ -45,11 +66,10 @@ pipeline {
     }
 
     stage('Publish to RubyGems') {
-      agent { label 'releaser-v2' }
       when {
         allOf {
           branch 'master'
-          expression {
+          /* expression {
             boolean publish = false
 
             try {
@@ -62,7 +82,7 @@ pipeline {
             }
 
             return publish
-          }
+          }*/
         }
       }
 

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2016 Kevin Gilpin
+Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
 
 MIT License
 

data/README.md

@@ -1,5 +1,10 @@
 # Debify
 
+Debify is a tool used for building and testing DAP appliance packages.
+It is mainly used to package and publish debian packages that are consumed into the
+appliance image in its build stage. However, it also packages and publishes an
+RPM package whenever it does so for a debian.
+
 ## Installation
 
 There are two different ways of installing debify: as a gem, or as a Docker image.
@@ -293,8 +298,6 @@ root@7d4217655332:/src/example# getent hosts mydb
 
 ## Contributing
 
-1. Fork it ( https://github.com/[my-github-username]/debify/fork )
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+For instructions on how to get started and 
+descriptions of our development workflows, please see our
+[contributing guide](CONTRIBUTING.md).

data/VERSION

@@ -1 +1 @@
-1.11.1
+1.12.0

data/debify.gemspec

@@ -6,8 +6,8 @@ require 'conjur/debify/version'
 Gem::Specification.new do |spec|
   spec.name          = "conjur-debify"
   spec.version       = Conjur::Debify::VERSION
-  spec.authors       = ["Kevin Gilpin"]
-  spec.email         = ["kgilpin@conjur.net"]
+  spec.authors       = ["CyberArk Software, Inc."]
+  spec.email         = ["conj_maintainers@cyberark.com"]
   spec.summary       = %q{Utility commands to build and package Conjur services as Debian packages}
   spec.homepage      = "https://github.com/conjurinc/debify"
   spec.license       = "MIT"
@@ -24,14 +24,14 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "fakefs", "~> 0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.3.3"
   
   # Pin to cucumbe v2. cucumber v3 changes (breaks) the behavior of
   # unmatched capture groups with \(d+). In v3, the value of such a
   # group is 0 instead of nil, which breaks aruba's "I successfully
   # run...." steps.
   spec.add_development_dependency "cucumber", '~> 2'
-  spec.add_development_dependency "aruba"
+  spec.add_development_dependency "aruba", "~> 0.14"
   spec.add_development_dependency 'rspec', '~> 3'
   spec.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
 end

data/features/package.feature

@@ -2,16 +2,21 @@
 Feature: Packaging
 
   Background:
-    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1 example -- --post-install /distrib/postinstall.sh`
+    # We use version 0.0.1-suffix to verify that RPM converts dashes to underscores
+    # in the version as we expect
+    Given I successfully run `env DEBUG=true GLI_DEBUG=true debify package -d ../../example -v 0.0.1-suffix example -- --post-install /distrib/postinstall.sh`
 
   Scenario: 'example' project can be packaged successfully
-    Then the stdout should contain "conjur-example_0.0.1_amd64.deb"
-    And the stdout should contain "conjur-example-dev_0.0.1_amd64.deb"
+    Then the stdout should contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-dev_0.0.1-suffix_amd64.deb"
+    And the stdout should contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+    And the stdout should contain "conjur-example-dev-0.0.1_suffix-1.x86_64.rpm"
 
   Scenario: 'clean' command will delete non-Git-managed files
     When I successfully run `env DEBUG=true GLI_DEBUG=true debify clean -d ../../example --force`
     And I successfully run `find ../../example`
-    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1_amd64.deb"
-    
+    Then the stdout from "find ../../example" should not contain "conjur-example_0.0.1-suffix_amd64.deb"
+    And the stdout from "find ../../example" should not contain "conjur-example-0.0.1_suffix-1.x86_64.rpm"
+
   Scenario: 'example' project can be published
-    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1 -d ../../example 4.9 example`
+    When I successfully run `env DEBUG=true GLI_DEBUG=true debify publish -v 0.0.1-suffix -d ../../example 4.9 example`

data/lib/conjur/debify.rb

@@ -4,6 +4,7 @@ require 'fileutils'
 require 'gli'
 require 'json'
 require 'base64'
+require 'tmpdir'
 
 require 'conjur/debify/utils'
 
@@ -196,6 +197,17 @@ command "clean" do |c|
   end
 end
 
+def copy_packages_from_container(container, package_name, dev_package_name)
+  Conjur::Debify::Utils.copy_from_container container, "/src/#{package_name}"
+  puts "#{package_name}"
+  begin
+    Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_package_name}"
+    puts "#{dev_package_name}"
+  rescue Docker::Error::NotFoundError
+    warn "#{dev_package_name} not found. The package might not have any development dependencies."
+  end
+end
+
 desc "Build a debian package for a project"
 long_desc <<DESC
 The package is built using fpm (https://github.com/jordansissel/fpm).
@@ -228,6 +240,9 @@ command "package" do |c|
   c.desc "Specify a custom Dockerfile.fpm"
   c.flag [ :dockerfile]
 
+  c.desc "Specify files to add to the FPM image that are not included from the git repo"
+  c.flag [ :'additional-files' ]
+
   c.action do |global_options,cmd_options,args|
     raise "project-name is required" unless project_name = args.shift
 
@@ -241,25 +256,41 @@ command "package" do |c|
     dir = cmd_options[:dir] || '.'
     pwd = File.dirname(__FILE__)
 
+    additional_files = []
+    if cmd_options[:'additional-files']
+      additional_files = cmd_options[:'additional-files'].split(',').map(&:strip)
+    end
+
     fpm_image = Docker::Image.build_from_dir File.expand_path('fpm', File.dirname(__FILE__)), tag: "debify-fpm", &DebugMixin::DOCKER
     DebugMixin.debug_write "Built base fpm image '#{fpm_image.id}'\n"
     dir = File.expand_path(dir)
+
     Dir.chdir dir do
       version = cmd_options[:version] || detect_version
-      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
-      dockerfile = File.read(dockerfile_path)
 
-      output = StringIO.new
-      Gem::Package::TarWriter.new(output) do |tar|
-        git_files.each do |fname|
-          stat = File.stat(fname)
-          tar.add_file(fname, stat.mode) { |tar_file| tar_file.write(File.read(fname)) }
-        end
-        tar.add_file('Dockerfile', 0640) { |tar_file| tar_file.write dockerfile.gsub("@@image@@", fpm_image.id) }
+      # move git files and Dockerfile to temp dir to make deb from
+      # we do this to avoid adding "non-git" files
+      # that aren't mentioned in the dockerignore to the deb
+      temp_dir = Dir.mktmpdir
+      DebugMixin.debug_write "Copying git files to tmp dir '#{temp_dir}'\n"
+      (git_files + additional_files).each do |fname|
+        original_file = File.join(dir, fname)
+        destination_path = File.join(temp_dir, fname)
+        FileUtils.mkdir_p(File.dirname(destination_path))
+        FileUtils.cp(original_file, destination_path)
       end
-      output.rewind
+      
+      # rename specified dockerfile to 'Dockerfile' during copy, incase name is different
+      dockerfile_path = cmd_options[:dockerfile] || File.expand_path("debify/Dockerfile.fpm", pwd)
+      temp_dockerfile = File.join(temp_dir, "Dockerfile")
+      
+      # change image variable in specified Dockerfile
+      dockerfile = File.read(dockerfile_path)
+      replace_image = dockerfile.gsub("@@image@@", fpm_image.id)
+      File.open(temp_dockerfile, "w") {|file| file.puts replace_image}
 
-      image = Docker::Image.build_from_tar output, &DebugMixin::DOCKER
+      # build image from project being debified dir
+      image = Docker::Image.build_from_dir temp_dir, &DebugMixin::DOCKER
 
       DebugMixin.debug_write "Built fpm image '#{image.id}' for project #{project_name}\n"
 
@@ -276,16 +307,21 @@ command "package" do |c|
         status = container.wait
         raise "Failed to package #{project_name}" unless status['StatusCode'] == 0
 
-        pkg = "conjur-#{project_name}_#{version}_amd64.deb"
-        dev_pkg = "conjur-#{project_name}-dev_#{version}_amd64.deb"
-        Conjur::Debify::Utils.copy_from_container container, "/src/#{pkg}"
-        puts "#{pkg}"
-        begin
-          Conjur::Debify::Utils.copy_from_container container, "/dev-pkg/#{dev_pkg}"
-          puts "#{dev_pkg}"
-        rescue Docker::Error::NotFoundError
-          warn "#{dev_pkg} not found. The package might not have any development dependencies."
-        end
+        # Copy deb packages
+        copy_packages_from_container(
+          container,
+          "conjur-#{project_name}_#{version}_amd64.deb",
+          "conjur-#{project_name}-dev_#{version}_amd64.deb"
+        )
+
+        # Copy rpm packages
+        # The rpm builder replaces dashes with underscores in the version
+        rpm_version = version.tr('-', '_')
+        copy_packages_from_container(
+          container,
+          "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm",
+          "conjur-#{project_name}-dev-#{rpm_version}-1.x86_64.rpm"
+        )
       ensure
         container.delete(force: true)
       end
@@ -309,7 +345,7 @@ end
 def network_options(cmd)
   cmd.desc "Specify link for test container"
   cmd.flag [ :l, :link ], :multiple => true
-  
+
   cmd.desc 'Attach to the specified network'
   cmd.flag [ :n, :net ]
 end
@@ -401,7 +437,7 @@ command "test" do |c|
   c.flag [ :'volumes-from' ], :multiple => true
 
   network_options(c)
-  
+
   c.action do |global_options,cmd_options,args|
     raise "project-name is required" unless project_name = args.shift
     raise "test-script is required" unless test_script = args.shift
@@ -478,8 +514,8 @@ RUN touch /etc/service/conjur/down
         'Env' => [
           "CONJUR_AUTHN_LOGIN=admin",
           "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=secret",
-          "CONJUR_ADMIN_PASSWORD=secret",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env],
         'HostConfig' => {
           'Binds' => [
@@ -488,12 +524,12 @@ RUN touch /etc/service/conjur/down
         }
       }
       host_config = options['HostConfig']
-      
+
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
       host_config['VolumesFrom'] = cmd_options[:'volumes-from'] if cmd_options[:'volumes-from'] && !cmd_options[:'volumes-from'].empty?
 
       add_network_config(options, cmd_options)
-      
+
       if global_options[:'local-bundle']
         host_config['Binds']
           .push([ vendor_dir, "/src/#{project_name}/vendor" ].join(':'))
@@ -590,7 +626,7 @@ command "sandbox" do |c|
 
   c.desc 'A command to run in the sandbox'
   c.flag [ :c, :command ]
-  
+
   c.action do |global_options,cmd_options,args|
     raise "Received extra command-line arguments" if args.shift
 
@@ -628,8 +664,8 @@ command "sandbox" do |c|
         'Env' => [
           "CONJUR_AUTHN_LOGIN=admin",
           "CONJUR_ENV=appliance",
-          "CONJUR_AUTHN_API_KEY=secret",
-          "CONJUR_ADMIN_PASSWORD=secret",
+          "CONJUR_AUTHN_API_KEY=SEcret12!!!!",
+          "CONJUR_ADMIN_PASSWORD=SEcret12!!!!",
         ] + global_options[:env]
       }
 
@@ -647,7 +683,7 @@ command "sandbox" do |c|
 
       host_config['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
       host_config['VolumesFrom'] = cmd_options[:'volumes-from'] unless cmd_options[:'volumes-from'].empty?
-      
+
       add_network_config(options, cmd_options)
 
       unless cmd_options[:port].empty?
@@ -716,6 +752,10 @@ command "publish" do |c|
   c.default_value "debian-private"
   c.flag [ :r, :repo]
 
+  c.desc "Artifactory RPM repo to publish package to"
+  c.default_value "redhat-private"
+  c.flag ['rpm-repo']
+
   c.action do |global_options,cmd_options,args|
     require 'conjur/debify/action/publish'
     raise "distribution is required" unless distribution = args.shift

data/lib/conjur/debify/action/publish.rb

@@ -25,14 +25,12 @@ module Conjur::Debify
 
         Dir.chdir dir do
           version = cmd_options[:version] || detect_version
-          component = cmd_options[:component] || detect_component
-          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
 
           publish_image = create_image
           DebugMixin.debug_write "Built base publish image '#{publish_image.id}'\n"
 
           art_url = cmd_options[:url]
-          art_repo = cmd_options[:repo]
+          deb_art_repo = cmd_options[:repo]
 
           art_user = ENV['ARTIFACTORY_USER']
           art_password = ENV['ARTIFACTORY_PASSWORD']
@@ -40,23 +38,35 @@ module Conjur::Debify
             art_user, art_password = fetch_art_creds
           end
 
-          options = {
-            'Image' => publish_image.id,
-            'Cmd' => [
-              "jfrog", "rt", "upload",
-              "--url", art_url,
-              "--user", art_user,
-              "--password", art_password,
-              "--deb", "#{distribution}/#{component}/amd64",
-              package_name, "#{art_repo}/"
-            ],
-            'Binds' => [
-              [ dir, "/src" ].join(':')
-            ]
-          }
-          options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
-
-          publish(options)
+          # Publish deb package
+          component = cmd_options[:component] || detect_component
+          deb_info = "#{distribution}/#{component}/amd64"
+          package_name = "conjur-#{project_name}_#{version}_amd64.deb"
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: deb_art_repo,
+            package_name: package_name,
+            dir: dir,
+            deb_info: deb_info
+          )
+
+          # Publish RPM package
+          # The rpm builder replaces dashes with underscores in the version
+          rpm_version = version.tr('-', '_')
+          package_name = "conjur-#{project_name}-#{rpm_version}-1.x86_64.rpm"
+          rpm_art_repo = cmd_options['rpm-repo']
+          publish_package(
+            publish_image: publish_image,
+            art_url: art_url,
+            art_user: art_user,
+            art_password: art_password,
+            art_repo: rpm_art_repo,
+            package_name: package_name,
+            dir: dir
+          )
         end
       end
 
@@ -77,6 +87,39 @@ module Conjur::Debify
         [conjur.resource(username_var).value, conjur.resource(password_var).value]
       end
 
+      def publish_package(
+        publish_image:,
+        art_url:,
+        art_user:,
+        art_password:,
+        art_repo:,
+        package_name:,
+        dir:,
+        deb_info: nil
+      )
+
+        cmd_args = [
+          "jfrog", "rt", "upload",
+          "--url", art_url,
+          "--user", art_user,
+          "--password", art_password,
+        ]
+
+        cmd_args += ["--deb", deb_info] if deb_info
+        cmd_args += [package_name, "#{art_repo}/"]
+
+        options = {
+          'Image' => publish_image.id,
+          'Cmd' => cmd_args,
+          'Binds' => [
+            [ dir, "/src" ].join(':')
+          ]
+        }
+        options['Privileged'] = true if Docker.version['Version'] >= '1.10.0'
+
+        publish(options)
+      end
+
       def publish(options)
         container = Docker::Container.create(options)
         begin

data/lib/conjur/fpm/Dockerfile

@@ -1,27 +1,24 @@
 # Build from the same version of ubuntu as phusion/baseimage
-FROM ubuntu:14.04
+FROM cyberark/phusion-ruby-fips:0.11-latest
 
 RUN apt-get update -y && \
-    apt-get install -y software-properties-common && \
-    apt-add-repository -y ppa:brightbox/ruby-ng && \
-    apt-get update -y && \
-    apt-get install -y build-essential git libpq5 libpq-dev ruby2.2 ruby2.2-dev libffi-dev
+    apt-get dist-upgrade -y && \
+    apt-get install -y build-essential \
+                       git \
+                       libffi-dev \
+                       rpm
 
-
-# Configure bundler and gem the way the ruby:2.2 Dockerfile does, as of 
-# https://github.com/docker-library/ruby/commit/c88f3a67da720bfa9fb1717960d90fd5db11c757
-ENV BUNDLER_VERSION 1.11.2
-
-RUN gem install --no-rdoc --no-ri bundler:$BUNDLER_VERSION ruby-xz:0.2.3 fpm
+RUN gem install --no-document bundler:1.17.3 \
+                              fpm
 
 ENV GEM_HOME /usr/local/bundle
 ENV BUNDLE_PATH="$GEM_HOME" \
-	BUNDLE_BIN="$GEM_HOME/bin" \
-	BUNDLE_SILENCE_ROOT_WARNING=1 \
-	BUNDLE_APP_CONFIG="$GEM_HOME"
+    BUNDLE_BIN="$GEM_HOME/bin" \
+    BUNDLE_SILENCE_ROOT_WARNING=1 \
+    BUNDLE_APP_CONFIG="$GEM_HOME"
 ENV PATH $BUNDLE_BIN:$PATH
-RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \
-	&& chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
+RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" && \
+    chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
 
 RUN mkdir /src
 
@@ -29,4 +26,3 @@ ENTRYPOINT [ "/package.sh" ]
 
 COPY debify_utils.sh /
 COPY package.sh      /
-

data/lib/conjur/fpm/package.sh

@@ -16,11 +16,7 @@ if [ -z "$version" ]; then
 	exit 1
 fi
 
-package_name=conjur-"$project_name"_"$version"_amd64.deb
-dev_package_name=conjur-"$project_name"-dev_"$version"_amd64.deb
-
 # Build dev package first
-echo Building $dev_package_name
 prefix=/src/opt/conjur/project
 cp -al $prefix /dev-pkg
 cd $prefix
@@ -34,21 +30,29 @@ bundle_clean
 if [ `ls | wc -l` -eq 0 ]; then
   echo No dev dependencies, skipping dev package
 else
-  fpm -s dir -t deb -n conjur-$project_name-dev -v $version -C . \
-    --maintainer "Conjur Inc." \
-    --vendor "Conjur Inc." \
+  for file_type in deb rpm
+  do
+    echo "Building conjur-$project_name-dev $file_type package"
+
+    fpm \
+    -s dir \
+    -t $file_type \
+    -n conjur-$project_name-dev \
+    -v $version \
+    -C . \
+    --maintainer "CyberArk Software, Inc." \
+    --vendor "CyberArk Software, Inc." \
     --license "Proprietary" \
-    --url "https://www.conjur.net" \
+    --url "https://www.cyberark.com" \
     --deb-no-default-config-files \
-    --deb-user conjur \
-    --deb-group conjur \
+    --$file_type-user conjur \
+    --$file_type-group conjur \
     --depends "conjur-$project_name = $version" \
     --prefix /opt/conjur/$project_name \
     --description "Conjur $project_name service - development files"
+  done
 fi
 
-echo Building $package_name
-
 mv /src/opt/conjur/project /src/opt/conjur/$project_name
 
 cd /src/opt/conjur/$project_name
@@ -63,16 +67,26 @@ mkdir -p opt/conjur/etc
 
 [ -d opt/conjur/"$project_name"/distrib ] && mv opt/conjur/"$project_name"/distrib /
 
-fpm -s dir -t deb -n conjur-$project_name -v $version -C . \
-	--maintainer "Conjur Inc." \
-	--vendor "Conjur Inc." \
+for file_type in deb rpm
+do
+  echo "Building conjur-$project_name-dev $file_type package"
+
+  fpm \
+  -s dir \
+  -t $file_type \
+  -n conjur-$project_name \
+  -v $version \
+  -C . \
+	--maintainer "CyberArk Software, Inc." \
+	--vendor "CyberArk Software, Inc." \
 	--license "Proprietary" \
-	--url "https://www.conjur.net" \
-	--deb-no-default-config-files \
+	--url "https://www.cyberark.com" \
 	--config-files opt/conjur/etc \
-	--deb-user conjur \
-	--deb-group conjur \
+	--deb-no-default-config-files \
+	--$file_type-user conjur \
+	--$file_type-group conjur \
 	--description "Conjur $project_name service" \
 	"$@"
+done
 
-ls -al *.deb
+ls -al *.{deb,rpm}

data/spec/action/publish_spec.rb

@@ -31,8 +31,8 @@ describe Conjur::Debify::Action::Publish do
     end
     
     it 'runs' do
-      expect(action).to receive(:publish)
-      
+      expect(action).to receive(:publish).twice
+
       action.run
     end
     
@@ -42,8 +42,8 @@ describe Conjur::Debify::Action::Publish do
 
     it 'runs' do
       expect(action).to receive(:fetch_art_creds)
-      expect(action).to receive(:publish)
-      
+      expect(action).to receive(:publish).twice
+
       action.run
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: conjur-debify
 version: !ruby/object:Gem::Version
-  version: 1.11.1
+  version: 1.12.0
 platform: ruby
 authors:
-- Kevin Gilpin
+- CyberArk Software, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-01 00:00:00.000000000 Z
+date: 2020-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gli
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
@@ -126,16 +126,16 @@ dependencies:
   name: aruba
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.14'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -166,7 +166,7 @@ dependencies:
         version: '1.0'
 description: 
 email:
-- kgilpin@conjur.net
+- conj_maintainers@cyberark.com
 executables:
 - debify
 extensions: []
@@ -177,6 +177,7 @@ files:
 - ".project"
 - ".rvmrc"
 - CHANGELOG.md
+- CONTRIBUTING.md
 - Dockerfile
 - Gemfile
 - Jenkinsfile
@@ -249,8 +250,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Utility commands to build and package Conjur services as Debian packages